Common Information

| Type | Value |
|---|---|
| Value | Web Protocols - T1437.001 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
Description: Adversaries may communicate using application layer protocols associated with web protocols traffic to avoid detection/network filtering by blending in with existing traffic. Commands to remote mobile devices, and often the results of those commands, will be embedded within the protocol traffic between the mobile client and server. Web protocols such as HTTP and HTTPS are used for web traffic as well as for notification services native to mobile messaging services such as Google Cloud Messaging (GCM) and, more recently, Firebase Cloud Messaging (FCM) (GCM/FCM: two-way communication) and Apple Push Notification Service (APNS; one-way server-to-device). Such notification services leverage HTTP/S via the respective API and are commonly abused on Android and iOS respectively in order to blend in with routine device traffic, making it difficult for enterprises to inspect.
| Details | Type | Published | Attributes | CTI Title |
|---|---|---|---|---|
| Details | Website | 2023-04-27 | 2 | Cybersecurity 🔐 And Much More Newsletter 📪 Vol. 3 Num. 16 |
| Details | Website | 2023-04-26 | 28 | Gozi-ISFB: Darktrace’s Detection of the Malware with a Thousand Faces - Darktrace Blog |
| Details | Website | 2023-04-25 | 54 | Anomali Cyber Watch: Two Supply-Chain Attacks Chained Together, Decoy Dog Stealthy DNS Communication, EvilExtractor Exfiltrates to FTP Server |
| Details | Website | 2023-04-20 | 56 | Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack \| WeLiveSecurity |
| Details | Website | 2023-04-20 | 65 | Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack \| WeLiveSecurity |
| Details | Website | 2023-04-20 | 72 | 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible \| Mandiant |
| Details | Website | 2023-04-19 | 19 | New Variants of Qakbot Banking Trojan |
| Details | Website | 2023-04-10 | 86 | Threat Actor Spotlight: RagnarLocker Ransomware |
| Details | Website | 2023-04-07 | 11 | Cisco Cyberops 200–201 study guide |
| Details | Website | 2023-04-03 | 228 | Malicious ISO File Leads to Domain Wide Ransomware - The DFIR Report |
| Details | Website | 2023-04-03 | 22 | Anomali Cyber Watch: Balada Injector Exploits WordPress Elementor Pro, Icon 3CX Stealer Detected by YARA, Koi Loader-Stealer Compresses-then-Encrypts Memory Streams |
| Details | Website | 2023-03-28 | 32 | Anomali Cyber Watch: Bitter Spies on Chinese Nuclear Energy, Kimsuky Takes Over Google Account to Infect Connected Android Devices, Bad Magic APT Targets Occupied Parts of Ukraine |
| Details | Website | 2023-03-24 | 36 | Phishing Campaign Targets Chinese Nuclear Energy Industry |
| Details | Website | 2023-03-23 | 60 | New loader on the bloc - AresLoader |
| Details | Website | 2023-03-23 | 78 | Earth Preta Updated Stealthy Strategies |
| Details | Website | 2023-03-23 | 78 | Earth Preta Updated Stealthy Strategies |
| Details | Website | 2023-03-23 | 80 | Earth Preta Updated Stealthy Strategies |
| Details | Website | 2023-03-22 | 9 | APT Profile: Sandworm - SOCRadar® Cyber Intelligence Inc. |
| Details | Website | 2023-03-16 | 121 | Not‑so‑private messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets \| WeLiveSecurity |
| Details | Website | 2023-03-15 | 46 | Securonix Threat Research Knowledge Sharing Series: Hoaxshell/Villain Powershell Backdoor Generator Payloads in the Wild, and How to Detect in Your Environment |
| Details | Website | 2023-03-14 | 59 | The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia \| WeLiveSecurity |
| Details | Website | 2023-03-14 | 36 | Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam |
| Details | Website | 2023-03-07 | 85 | Lazarus Group Attack Case Using Vulnerability of Certificate Software Commonly Used by Public Institutions and Universities - ASEC BLOG |
| Details | Website | 2023-03-02 | 199 | Russia/Ukraine Update - February 2023 |
| Details | Website | 2023-03-01 | 103 | BlackLotus UEFI bootkit: Myth confirmed \| WeLiveSecurity |